
nixos/alice-lg: init

Janik H 8ed86700 c2690b65

+149
+2
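--- a/nixos/doc/manual/release-notes/rl-2305.section.md
+++ b/nixos/doc/manual/release-notes/rl-2305.section.md
@@ -77,6 +77,8 @@
 
 - [photoprism](https://photoprism.app/), a AI-Powered Photos App for the Decentralized Web. Available as [services.photoprism](options.html#opt-services.photoprism.enable).
 
+- [alice-lg](github.com/alice-lg/alice-lg), a looking-glass for BGP sessions. Available as [services.alice-lg](#opt-services.alice-lg.enable).
+
 - [peroxide](https://github.com/ljanyst/peroxide), a fork of the official [ProtonMail bridge](https://github.com/ProtonMail/proton-bridge) that aims to be similar to [Hydroxide](https://github.com/emersion/hydroxide). Available as [services.peroxide](#opt-services.peroxide.enable).
 
 - [autosuspend](https://github.com/languitar/autosuspend), a python daemon that suspends a system if certain conditions are met, or not met.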
+1
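--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -788,6 +788,7 @@
 ./services/network-filesystems/yandex-disk.nix
 ./services/networking/3proxy.nix
 ./services/networking/adguardhome.nix
+./services/networking/alice-lg.nix
 ./services/networking/amuled.nix
 ./services/networking/antennas.nix
 ./services/networking/aria2.nix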
+101
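--- a/nixos/modules/services/networking/alice-lg.nix
+++ b/nixos/modules/services/networking/alice-lg.nix
@@ -0,0 +1,101 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+cfg = config.services.alice-lg;
+settingsFormat = pkgs.formats.ini { };
+in
+{
+options = {
+services.alice-lg = {
+enable = mkEnableOption (lib.mdDoc "Alice Looking Glass");
+
+package = mkPackageOptionMD pkgs "alice-lg" { };
+
+settings = mkOption {
+type = settingsFormat.type;
+default = { };
+description = lib.mdDoc ''
+alice-lg configuration, for configuration options see the example on [github](https://github.com/alice-lg/alice-lg/blob/main/etc/alice-lg/alice.example.conf)
+'';
+example = literalExpression ''
+{
+server = {
+# configures the built-in webserver and provides global application settings
+listen_http = "127.0.0.1:7340";
+enable_prefix_lookup = true;
+asn = 9033;
+store_backend = postgres;
+routes_store_refresh_parallelism = 5;
+neighbors_store_refresh_parallelism = 10000;
+routes_store_refresh_interval = 5;
+neighbors_store_refresh_interval = 5;
+};
+postgres = {
+url = "postgres://postgres:postgres@localhost:5432/alice";
+min_connections = 2;
+max_connections = 128;
+};
+pagination = {
+routes_filtered_page_size = 250;
+routes_accepted_page_size = 250;
+routes_not_exported_page_size = 250;
+};
+}
+'';
+};
+};
+};
+
+config = lib.mkIf cfg.enable {
+environment = {
+etc."alice-lg/alice.conf".source = settingsFormat.generate "alice-lg.conf" cfg.settings;
+};
+systemd.services = {
+alice-lg = {
+wants = [ "network.target" ];
+after = [ "network.target" ];
+wantedBy = [ "multi-user.target" ];
+description = "Alice Looking Glass";
+serviceConfig = {
+DynamicUser = true;
+Type = "simple";
+Restart = "on-failure";
+RestartSec = 15;
+ExecStart = "${cfg.package}/bin/alice-lg";
+StateDirectoryMode = "0700";
+UMask = "0007";
+CapabilityBoundingSet = "";
+NoNewPrivileges = true;
+ProtectSystem = "strict";
+PrivateTmp = true;
+PrivateDevices = true;
+PrivateUsers = true;
+ProtectHostname = true;
+ProtectClock = true;
+ProtectKernelTunables = true;
+ProtectKernelModules = true;
+ProtectKernelLogs = true;
+ProtectControlGroups = true;
+RestrictAddressFamilies = [ "AF_INET AF_INET6" ];
+LockPersonality = true;
+MemoryDenyWriteExecute = true;
+RestrictRealtime = true;
+RestrictSUIDSGID = true;
+PrivateMounts = true;
+SystemCallArchitectures = "native";
+SystemCallFilter = "~@clock @privileged @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap";
+BindReadOnlyPaths = [
+"-/etc/resolv.conf"
+"-/etc/nsswitch.conf"
+"-/etc/ssl/certs"
+"-/etc/static/ssl/certs"
+"-/etc/hosts"
+"-/etc/localtime"
+];
+};
+};
+};
+};
+}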
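Review bot: Everything in `services.alice-lg.settings` is rendered by `settingsFormat.generate` and linked into `/etc/alice-lg/alice.conf`, so it ends up in the world-readable Nix store, yet the option's own example puts a database password in `postgres.url`. The `description` should say this, for example by adding `Values set here are written to the world-readable Nix store; do not put database passwords or other secrets in this option.`, and the example would be safer with a credential-free URL. Separately, `store_backend = postgres;` in the example is an unquoted identifier and would presumably fail to evaluate if copied; it should read `store_backend = "postgres";`. `StateDirectoryMode = "0700";` looks like a no-op, since no `StateDirectory` is set in the visible `serviceConfig`.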
+44
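--- a/nixos/tests/alice-lg.nix
+++ b/nixos/tests/alice-lg.nix
@@ -0,0 +1,44 @@
+# This test does a basic functionality check for alice-lg
+
+{ system ? builtins.currentSystem
+, pkgs ? import ../.. { inherit system; config = { }; }
+}:
+
+let
+inherit (import ../lib/testing-python.nix { inherit system pkgs; }) makeTest;
+inherit (pkgs.lib) optionalString;
+in
+makeTest {
+name = "birdwatcher";
+nodes = {
+host1 = {
+environment.systemPackages = with pkgs; [ jq ];
+services.alice-lg = {
+enable = true;
+settings = {
+server = {
+listen_http = "[::]:7340";
+enable_prefix_lookup = true;
+asn = 1;
+routes_store_refresh_parallelism = 5;
+neighbors_store_refresh_parallelism = 10000;
+routes_store_refresh_interval = 5;
+neighbors_store_refresh_interval = 5;
+};
+housekeeping = {
+interval = 5;
+force_release_memory = true;
+};
+};
+};
+};
+};
+
+testScript = ''
+start_all()
+
+host1.wait_for_unit("alice-lg.service")
+host1.wait_for_open_port(7340)
+host1.succeed("curl http://[::]:7340 | grep 'Alice BGP Looking Glass'")
+'';
+}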
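Review bot: The test is declared as `name = "birdwatcher";`, which looks copied from another test and will mislabel this test's derivation and logs; it should be `name = "alice-lg";`. The `inherit (pkgs.lib) optionalString;` binding and the `jq` entry in `environment.systemPackages` are not used anywhere in the visible test and can be dropped. The test only checks that the landing page is served, so it would not catch a regression in the unit's sandboxing options.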
+1
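--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -75,6 +75,7 @@
 airsonic = handleTest ./airsonic.nix {};
 akkoma = handleTestOn [ "x86_64-linux" "aarch64-linux" ] ./akkoma.nix {};
 akkoma-confined = handleTestOn [ "x86_64-linux" "aarch64-linux" ] ./akkoma.nix { confined = true; };
+alice-lg = handleTest ./alice-lg.nix {};
 allTerminfo = handleTest ./all-terminfo.nix {};
 alps = handleTest ./alps.nix {};
 amazon-init-shell = handleTest ./amazon-init-shell.nix {};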